Snooping TV.

Just been listening to a radio piece about those Samsung smart TVs the CIA etc have apparently hacked so they can listen to what's going on in the room. So wondered if any of the computer savvy types could explain a few things I've observed with my voice activated Samsung TV.
1) If it is in standby, it no longer appears on my LAN.
2) I'm not aware of a method of bringing it out of standby over the internet. (It can be set to look for software updates etc overnight, though.)
3) The LED on the front of the set changes colour between standby and on. Think most would notice if it was on when meant to be off.
4) Can the really very cheap microphone fitted to such things differentiate between the speech or music etc from the TV's own speakers just a few inches from it and pick up intelligible speech from the other side of the room?
Perhaps spies always have their TV switched on with the sound turned down. Despite things like bugs having been around for many a year. Obviously, their spy degree didn't include having a radio etc on loud when discussing something naughty.
--
*Velcro - what a rip off!*

Dave Plowman snipped-for-privacy@davenoise.co.uk London SW
On Fri, 10 Mar 2017 12:59:23 +0000 (GMT), Dave Plowman (News) wrote:

Neither does the Windows PC here, but it'll wake up when sent a Wake On LAN "magic packet".

WOL is tricky across the internet but it is possible; getting past firewalls and NAT is the biggest problem. Not sure what you can do via UPnP, which is designed to blow holes in firewalls. Anything here with the UPnP feature gets it disabled.

Probably under software control. The TV piece a day or so ago had a TV running an "app" that appeared to do voice to text.

That's more of a problem.
--
Cheers
Dave.
On 10/03/2017 13:19, Dave Liquorice wrote:

I believe the way it was done was to fake standby by altering the LEDs to show standby even if the device is on the network, so no WOL needed. Of course, you'd see it on the LAN.

So first, you'd need to download and install special software to the TV to get the LEDs to show what you want?
--
*He's not dead - he's electroencephalographically challenged

Dave Plowman snipped-for-privacy@davenoise.co.uk London SW
On Fri, 10 Mar 2017 13:57:25 +0000 (GMT), "Dave Plowman (News)"

Aren't we expecting a new Wikileak any day soon with the code of how it was done?
Nick

The TV downloads updates regularly. You'd just have to fool it into loading some hacked update instead of the genuine thing. That could be done by poisoning your DNS entries or intercepting the update traffic. With good security, these things would be difficult (but not impossible). However, such appliances are well known for appalling security. Another way would be to exploit a buffer overrun or similar in some of the media decoding software, and provide a hacked film or whatever that causes execution of embedded code via this mechanism.
--
Andrew Gabriel
[email address is not usable -- followup in the newsgroup]

Going to be a pretty major hack, I'd say. Have 'they' really got programmers writing this new software for every single telly on the market?
Odd how long it took them to get into a locked iPhone only a few months ago.

You are assuming it is possible to re-programme the device to do all the things needed to turn it into a covert listening device. Makes you wonder how so many makers can't write software so the device works as intended. ;-)
--
*Acupuncture is a jab well done*

Dave Plowman snipped-for-privacy@davenoise.co.uk London SW
writes:

Surprisingly, yes, this is exactly what the techs in the spooks department spend their time doing.
It's the easy part.
The hard part is, as has been said, getting it onto a remote TV, which can be anything from not that difficult to extremely bloody difficult, depending upon what levels of authentication the manufacturer of the TV uses for OTA updates.
(I suspect that they aren't going to persuade too many people to stick a dodgy USB stick into their TV, which is how they will test their programs in their lab)
tim
tim... wrote:

Surely it's very easy with an OTA update? No need to go near the LAN until installed.
Incidentally, does any piece of modern equipment work correctly when first installed?
On Saturday, 11 March 2017 10:32:28 UTC, Capitol wrote:

Yes, but then it breaks at the first update.
Owain
writes:

Not if the TV authenticates the download to check that it has come from an authorised source (obviously the marker for the sender has to be hidden in an encrypted download).
I doubt that there are any TVs that do this, but it's not an untested technique. It is one that is mandatory for OTA downloads to equipment that performs safety critical functions.
tim
On 11/03/2017 12:10, tim... wrote:

Assuming of course that they don't also have access to the signing authority's certificates, thus allowing them to sign "authentic" code.
--
Cheers,

John.

Well, that would be a step too far, in my view.
tim
On 12/03/2017 09:54, tim... wrote:

How confident are you that "they" share your view?
(There are plenty of "dodgy" certification authorities out there already).
--
Cheers,

John.


If it's encrypted you need to know the secret (aka private) key.
Performing the certification is easy for you to do yourself if you know that;
impossible for anyone if you don't.
tim
On 13/03/2017 09:20, tim... wrote:

Thank you for the lesson in public key cryptography. Not sure it helps in this particular case.
I would expect that if you are a government sponsored spook, you will have access to a tame legit certification authority that is established in the root certificate hierarchy of trust. Hence you can sign anything you like as genuine. In addition to that there are a number of certification authorities that are none too fussy about what they sign.
For example:
https://www.theregister.co.uk/2016/03/23/google_now_publishing_a_list_of_cas_it_doesnt_trust/
--
Cheers,

John.


Well no, because it doesn't work like that now,
but the discussion is about how it could work if they wanted it to be secure.

But if it's encrypted and you don't know the key, it won't match when the recipient decrypts it,
and the recipient isn't a web browser that can choose to ignore a sig that doesn't match.
It's a specifically written embedded program that chooses to throw away *everything* that doesn't match (otherwise it's useless as a secure product).
tim
On 13/03/2017 19:38, tim... wrote:

You seem to be suggesting a system where a unique public key pair is used to allow the device to verify the authenticity of code updates without relying on signed binaries and the more commonly used systems for establishing trust in these circumstances.
The difficulty with those types of systems is that they fall in a heap the moment the private key is compromised. As nicely demonstrated by the CSS system applied to DVDs.
The old adage that every engineer can conceive of a crypto system that they could not themselves break is perhaps worth keeping in mind.
--
Cheers,

John.

I am not sure what you are referring to as signed binaries.
My understanding of signed binaries is that they make sure that what you have received is what was sent, so that you don't try and load accidentally faulty code.
The "encryption" used to make sure that the download is authentic lies above that.

I understand that this is the weak link,
but I also *know* that it is the technique used to control downloads of software in some safety critical applications - applications where the acceptance of hacked code could kill someone (if that were the intention of the hacker).
I have no idea how the holder of that key makes sure it remains secure; I was only working on the public end.

'Tis difficult to come up with any scheme that cannot be broken by a rogue employee revealing the secret formula.
tim
On 14/03/2017 17:16, tim... wrote:

No, that would just be a checksum, or possibly a cryptographic hash like an MD5 checksum.

This is normally done with digital certification and a secured communications channel. The initial part of the secure session establishment will typically use public key cryptography (even if a higher performance symmetric algorithm is used once a secure key exchange can be done). The key pairs will be created on the fly. The digital signature is issued by a certification authority to guarantee that a public key pair is actually owned by who it claims to be owned by.
So using this approach you get a good combination of protections without needing any hard coded keys that could be compromised, and you also get to verify you are actually talking to the right endpoint, and eliminate the potential for impersonation or "man in the middle" attacks.
(It's the way web-based https or other SSL channel connections are established, for example.)
Plenty more on it here:
https://en.wikipedia.org/wiki/Certificate_authority and https://en.wikipedia.org/wiki/Public_key_infrastructure

That's why modern systems will often use one time key pairs to initiate the channel. Once the connection is done with, the old keys are of no further value.

The whole point of decent encryption is that there should be no secret stuff. The whole algorithm should be open and freely available. Any form of "security by obscurity" always fails.
--
Cheers,

John.
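The last few posts argue over what a checksum buys you versus what a signature buys you when a TV pulls an OTA update. The following is an added illustration and is not code from anyone in this thread or from any TV manufacturer: it models the two schemes tim and John describe with a constructed sample firmware blob, a checksum-only package, and an Ed25519-signed package where the device holds only a pinned vendor public key (the "public end" tim mentions). Everything here, including the package layout (payload followed by digest or signature), the key names and the sample image, is an assumption made for the example.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// sampleImage stands in for a firmware update blob (constructed sample data,
// not a real TV image).
var sampleImage = []byte("SMARTTV-FW v1.2.3 (constructed sample payload)")

// ---- Integrity only: image || SHA-256(image) --------------------------------
// This is the "checksum" scheme discussed in the thread. It catches accidental
// corruption in transit, but anyone who can alter the image can also recompute
// the digest, so it says nothing about who produced the update.

func checksumPackage(image []byte) []byte {
	sum := sha256.Sum256(image)
	return append(append([]byte{}, image...), sum[:]...)
}

func checksumAccepts(pkg []byte) bool {
	if len(pkg) < sha256.Size {
		return false
	}
	body, want := pkg[:len(pkg)-sha256.Size], pkg[len(pkg)-sha256.Size:]
	got := sha256.Sum256(body)
	return bytes.Equal(got[:], want)
}

// ---- Authenticity: image || Ed25519 signature -------------------------------
// The vendor keeps the private key; the device ships with only the public key.
// Without the private key nobody can produce a package the device accepts, and
// the device (unlike a browser) simply discards anything that fails to verify.

func signPackage(priv ed25519.PrivateKey, image []byte) []byte {
	sig := ed25519.Sign(priv, image)
	return append(append([]byte{}, image...), sig...)
}

func verifyPackage(pub ed25519.PublicKey, pkg []byte) ([]byte, error) {
	if len(pkg) < ed25519.SignatureSize {
		return nil, errors.New("package too short")
	}
	body, sig := pkg[:len(pkg)-ed25519.SignatureSize], pkg[len(pkg)-ed25519.SignatureSize:]
	if !ed25519.Verify(pub, body, sig) {
		return nil, errors.New("signature does not verify: discard update")
	}
	return body, nil
}

// tamper alters the payload, modelling an update that was changed on the way
// to the device (constructed change for the example).
func tamper(image []byte) []byte {
	return bytes.Replace(image, []byte("v1.2.3"), []byte("v1.2.3-altered"), 1)
}

// Demo runs both schemes against a tampered download and reports the outcome.
// checksumFooled: a re-checksummed altered image passes the integrity-only check.
// genuineOK:      the vendor-signed package verifies on the device.
// forgedRejected: an altered payload is rejected both with the original signature
//                 and when re-signed with a key the device does not trust.
func Demo() (checksumFooled, genuineOK, forgedRejected bool, err error) {
	// Integrity-only scheme: recompute the digest over the altered image.
	checksumFooled = checksumAccepts(checksumPackage(tamper(sampleImage)))

	// Vendor key pair: private half stays at the vendor, public half is pinned in
	// the device firmware at manufacture.
	vendorPub, vendorPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return
	}
	genuine := signPackage(vendorPriv, sampleImage)
	if _, err = verifyPackage(vendorPub, genuine); err != nil {
		return
	}
	genuineOK = true

	// Case 1: payload altered, original signature kept.
	forged1 := append(tamper(sampleImage), genuine[len(sampleImage):]...)
	_, err1 := verifyPackage(vendorPub, forged1)

	// Case 2: payload altered and re-signed with some other key. A pinned public
	// key makes "a CA that will sign anything" irrelevant: only one key is trusted.
	_, otherPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return
	}
	forged2 := signPackage(otherPriv, tamper(sampleImage))
	_, err2 := verifyPackage(vendorPub, forged2)

	forgedRejected = err1 != nil && err2 != nil
	return
}

func main() {
	fooled, ok, rejected, err := Demo()
	if err != nil {
		panic(err)
	}
	fmt.Printf("checksum-only check fooled by re-checksummed alteration: %v\n", fooled)
	fmt.Printf("genuine vendor-signed update accepted:                   %v\n", ok)
	fmt.Printf("altered / re-signed updates rejected:                    %v\n", rejected)
}
```

The point the thread circles around is visible in `Demo`: the checksum scheme reports `true` for a package that was altered and re-summed, while the signed scheme accepts only the package made with the vendor's private key. John's caveat still applies to this model: if that single private key leaks, every device pinning the matching public key will accept whatever is signed with it, which is why real deployments add key rotation or revocation on top of the bare signature check.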